Threats to Online Security – Part 1

I can remember those days when Facebook was in its initial phase of development. I am talking about those days when Indian users prefer ORKUT (a social media platform of Google). There were 2 major emerging nations other that U.S. that spent their whole day on ORKUT i.e. India and Pakistan. During those days there were no security breach, or rather, there were security breaches but it remained unnoticed and unreported.

The problems related to security and safety is not with social media platforms, but with the ignorance of people in using it. Online safety and security can only be understood by understanding the different ways in which cyber threats can occur.

Let’s discuss a few of these:

BACKDOOR

A backdoor in a computer system, a cryptosystem or an algorithm, is any secret method of bypassing normal authentication or security controls. They may exist for a number of reasons, including by original design or from poor configuration. They may have been added by an authorized party to allow some legitimate access or by an attacker for malicious reasons; but regardless of the motives for their existence, they create vulnerability.

A user nowadays can see used authentication on many sites where download files can only be done after a user mark yes on a box which states that “I am not a robot”. This is because of the backdoor technique.

DIRECT-ACCESS ATTACKS

An unauthorized user gaining physical access to a computer is most likely able to directly copy data from it. They may also compromise security by making operating system modifications, installing software worms, key loggers, covert listening devices or using wireless mice. Even when the system is protected by standard security measures, these may be able to be by-passed by booting another operating system or tool from a CD-ROM or other bootable media. Disk encryption and Trusted Platform Module are designed to prevent these attacks.

These attacks are most common these days as YouTube tutorial can easily teaches anyone direct access attack or through any software one can become a possible hacker. Though it took years to learn ethical hacking.

SPOOFING

Spoofing is the act of masquerading as a valid entity through falsification of data (such as an IP address or username), in order to gain access to information or resources that one is otherwise unauthorized to obtain. There are several types of spoofing, including email spoofing, where an attacker forges the sending (From, or source) address of an email.

PHISHING

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Preying on a victim’s trust, phishing can be classified as a form of social engineering.